package cn.kmust.booth.portal.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * @author XChao
 * @date 2020/7/14 - 19:23
 */
@Configuration
//方法级别的权限控制 允许执行访问权限的检查
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

//    @Bean
//    public PasswordEncoder passwordEncoder(){
//        return new BCryptPasswordEncoder();
//    }


//    正常提交ajax请求，关闭跨域攻击，security的 登录拦截功能将失效
//    @Override
//    protected void configure(HttpSecurity http) throws Exception {
//        //跨域访问
//        http.csrf().disable();
//    }

    @Autowired
    UserDetailsServiceImp userDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // 登录页面的URL
        String loginPageUrl = "/login.html";
        // 处理登录请求的URL
        String loginProcessingUrl = "/login";
        // 登录失败后的URL
        String loginFailureUrl = "/login.html?error";
        // 登录成功后的URL
        String loginSuccessUrl = "/index.html";
        // 退出登录的URL
        String logoutUrl = "/logout";
        // 退出登录成功后的URL
        String logoutSuccessUrl = "/login.html?logout";

        //准备白名单 是不需要登录就可以访问的路径
        String[] antMatchers = {
                loginPageUrl,
                "/register.html",
                "/api/v1/users/student/register",
                "/bower_components/**",
                "/css/**",
                "/img/**",
                "/js/**",

        };
        //授权设置 是相对固定的
        //csrf().disable() 关闭跨域攻击
        http.csrf().disable()
                //表示对请求的验证
                .authorizeRequests()
                //配置访问白名单  permitAll对白名单进行授权
                .antMatchers(antMatchers).permitAll()
                //anyRequest除了白名单的  authenticated 仅经过授权的允许访问
                .anyRequest().authenticated()
                //未被授权将通过登录表单进行验证
                .and().formLogin()
                //登录页面路径
                .loginPage(loginPageUrl)
                //处理登录的位置
                .loginProcessingUrl(loginProcessingUrl)
                //登陆失败的处理
                .failureUrl(loginFailureUrl)
                //成功登录的跳转
                .defaultSuccessUrl(loginSuccessUrl)
                //退出登录
                .and().logout()
                //退出登录的路径
                .logoutUrl(logoutUrl)
                //退出登录成功后的跳转
                .logoutSuccessUrl(logoutSuccessUrl);

        http.sessionManagement().maximumSessions(1);
    }
}
